Embodied Skill Gating
by Nick Clark | Published March 27, 2026
Embodied skill gating partitions the agent's skill surface along the boundary between body-side and simulation-side execution, requiring that any skill invocation targeting a physical embodiment present body-side capability evidence before the gate releases. Skills that operate purely within simulation remain fully accessible without body-side proof, but cross-contamination between the two domains is structurally blocked rather than discouraged by convention.
Mechanism
Embodied skill gating is the capability-evaluation function applied to skills whose effect set intersects an embodiment. An embodiment, in the cognition patent's terminology, is any actuation surface whose state changes are not reversible by software alone: a vehicle steering column, a robotic gripper, an industrial valve, an XR haptic actuator, a surgical end-effector. Skills that target such surfaces carry an embodiment tag in their declarative manifest, and the gating function inspects that tag on every invocation.
The gate operates as a deterministic evaluation pipeline embedded inside the agent's cognitive architecture, downstream of proposal generation and upstream of any actuator dispatch. When an LLM-derived skill proposal arrives, the mutation engine assembles a candidate invocation containing the proposed skill identifier, the supplied arguments, and the inferred embodiment context. The validation engine then performs the four checks that constitute the gate: domain classification of the skill, retrieval of the agent's current capability evidence record, comparison of evidence to the skill's declared body-side prerequisites, and arbitration when multiple proposals contend for the same embodiment.
Domain classification is not heuristic. Each skill's manifest declares whether its effect set is body-side, simulation-side, or mixed, and the classification is structural metadata rather than runtime inference. A skill that controls a real motor and a skill that controls a simulated motor are two distinct skill identifiers with two distinct manifests, even when they share the same underlying logic. This deliberate duplication is what makes the gate decidable: there is never ambiguity about which domain a given invocation targets.
Capability evidence is held in the agent's canonical capability ledger, a typed record that accumulates body-side proofs over the agent's operational lifetime. Proofs include sensor handshakes confirming that the embodiment is physically connected, certification tokens issued by an external authority, calibration receipts from a recent self-test, and operator authorizations bound to a specific session. The ledger is append-only and signed, so the gate's evaluation is reproducible from lineage alone. If the proofs required by the skill manifest are present and unexpired, the gate releases. If any prerequisite is absent, stale, or revoked, the gate refuses, and the refusal itself becomes a lineage entry.
The structural property that distinguishes embodied gating from conventional permission systems is non-substitutability. Simulation-side evidence cannot satisfy a body-side prerequisite. A skill that steered a vehicle successfully ten thousand times in simulation produces no body-side capability claim, because the proofs accumulated during simulation runs are tagged with a simulation-domain origin and the gate's matching function rejects cross-domain substitution at the type level. This is what the patent specification means when it states that body-side and simulation-side capability are structurally disjoint: the disjointness is a property of the type system that holds the evidence, not a policy applied on top of it.
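The release decision and its non-substitutability property can be shown in a few lines. This is an added example, not code from the patent or its author; the names (Proof, Manifest, evaluate, the steer.* identifiers) are hypothetical, and the runtime origin tag stands in for the type-level disjointness the text describes.

```python
from dataclasses import dataclass
from enum import Enum

class Domain(Enum):
    BODY = "body"
    SIMULATION = "simulation"

@dataclass(frozen=True)
class Proof:
    kind: str        # e.g. "sensor_handshake"
    origin: Domain   # domain in which the proof was produced

@dataclass(frozen=True)
class Manifest:
    skill_id: str
    domain: Domain                     # declared at registration, never inferred
    required: frozenset = frozenset()  # proof kinds a body-side skill needs

def evaluate(manifest, ledger, lineage):
    """Release or refuse one invocation; body-side outcomes go to lineage."""
    if manifest.domain is Domain.SIMULATION:
        return True  # simulation-side skills need no body-side proof
    # Only body-origin proofs are candidates. Simulation-origin proofs of
    # the same kind are never considered, however many there are.
    held = {p.kind for p in ledger if p.origin is Domain.BODY}
    missing = tuple(sorted(manifest.required - held))
    lineage.append(("refused" if missing else "released",
                    manifest.skill_id, missing))
    return not missing

# Constructed sample: two distinct skill identifiers sharing the same logic.
STEER_REAL = Manifest("steer.real", Domain.BODY,
                      frozenset({"sensor_handshake", "calibration_receipt"}))
STEER_SIM = Manifest("steer.sim", Domain.SIMULATION)

def demo():
    lineage = []
    # Ten thousand simulation runs leave only simulation-origin proofs.
    ledger = [Proof("sensor_handshake", Domain.SIMULATION)] * 10_000
    ledger += [Proof("calibration_receipt", Domain.SIMULATION)] * 10_000
    sim_ok = evaluate(STEER_SIM, ledger, lineage)
    real_before = evaluate(STEER_REAL, ledger, lineage)
    ledger += [Proof("sensor_handshake", Domain.BODY),
               Proof("calibration_receipt", Domain.BODY)]
    real_after = evaluate(STEER_REAL, ledger, lineage)
    return sim_ok, real_before, real_after, lineage
```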
Operating Parameters
The gate's behavior is fully governed by parameters declared in the agent's policy reference. The first parameter is the domain partition itself, a manifest-level enumeration that assigns each registered skill to body, simulation, or mixed. Mixed skills are decomposed at registration time into body-side and simulation-side sub-skills, each with its own manifest, so the runtime evaluation never has to reason about hybrid cases. The decomposition rule is itself a policy parameter: an operator can choose to forbid mixed skills entirely, requiring that every cross-domain operation be expressed as an explicit composition.
The second parameter is the evidence schema. For each body-side skill the policy declares which proof types are required, which are sufficient on their own, and which combinations satisfy the prerequisite. A high-risk surgical skill might require all of: a current calibration receipt, an operator authorization signed within the last sixty seconds, and a sensor handshake confirming end-effector contact. A low-risk diagnostic skill might require only a sensor handshake. The schema is declarative; the evaluation function is generic across schemas.
The third parameter is the freshness window. Capability evidence is timestamped, and the policy assigns each proof type a maximum age beyond which it no longer contributes to the gate's release condition. Calibration receipts typically expire on the order of hours; sensor handshakes on the order of seconds; operator authorizations on the order of a single session. The freshness window is enforced by the gate itself, not by the proof issuer, so a stale proof in the ledger never produces a stale release.
The fourth parameter is the revocation channel. External authorities, operators, and the agent's own self-monitoring subsystems can submit revocation tokens that retroactively invalidate previously issued proofs. The gate consults the revocation channel as part of every evaluation, and a revocation observed between the moment an LLM emits a proposal and the moment the gate releases will block the invocation. This closes the window in which a long-running deliberation could be acted upon under capability conditions that no longer hold.
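The evidence schema, freshness window and revocation channel combine into one evaluation made at dispatch time. The sketch below is an added example, not part of the disclosure; the skill names, proof identifiers and the specific window lengths are assumed values chosen to match the orders of magnitude given above.

```python
from dataclasses import dataclass

# Assumed policy values: maximum age per proof type, in seconds.
FRESHNESS = {"sensor_handshake": 5, "operator_authorization": 60,
             "calibration_receipt": 4 * 3600}

# Evidence schema: each skill lists alternative proof sets; any one set,
# fully satisfied, meets the prerequisite.
SCHEMA = {
    "surgical.cut": [{"calibration_receipt", "operator_authorization",
                      "sensor_handshake"}],
    "diagnostic.probe": [{"sensor_handshake"}],
}

@dataclass(frozen=True)
class Proof:
    proof_id: str
    kind: str
    issued_at: float  # seconds, on the same clock the gate uses

def usable_kinds(ledger, revoked, now):
    """Proof kinds that are unexpired and unrevoked at evaluation time."""
    return {p.kind for p in ledger
            if p.proof_id not in revoked
            and 0 <= now - p.issued_at <= FRESHNESS[p.kind]}

def gate(skill, ledger, revoked, now):
    """Evaluate at dispatch time `now`, not at proposal time."""
    held = usable_kinds(ledger, revoked, now)
    return any(required <= held for required in SCHEMA[skill])

# Constructed ledger of body-side proofs.
LEDGER = [Proof("p1", "calibration_receipt", 0.0),
          Proof("p2", "operator_authorization", 1000.0),
          Proof("p3", "sensor_handshake", 1028.0)]

def demo():
    return {
        "fresh": gate("surgical.cut", LEDGER, set(), 1030.0),
        # Five seconds later the handshake is 7 s old, past its 5 s window.
        "stale_handshake": gate("surgical.cut", LEDGER, set(), 1035.0),
        # Revocation of p2 arrives between proposal and release.
        "revoked": gate("surgical.cut", LEDGER, {"p2"}, 1030.0),
        # The low-risk skill does not depend on the revoked proof.
        "diagnostic": gate("diagnostic.probe", LEDGER, {"p2"}, 1030.0),
    }
```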
The fifth parameter is the arbitration discipline. When multiple LLM proposals target the same embodiment within an arbitration window, the gate selects among them according to a declared rule: highest-priority skill wins, earliest-arrival wins, or explicit tie-break by an external arbitrator. Losers are recorded in lineage as preempted proposals, which is operationally important because it preserves the audit trail of what the agent considered doing alongside what it actually did.
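Arbitration with preempted losers recorded in lineage, as an added example rather than the patent's own code. It covers the highest-priority and earliest-arrival rules only, and it assumes that a window opens at the first proposal for an embodiment and that a larger priority number wins; all names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    proposal_id: str
    embodiment: str
    priority: int      # larger means higher priority (assumed convention)
    arrived_at: float  # seconds

# Sort keys for the two declared rules; the second field breaks ties.
RULES = {
    "highest_priority": lambda p: (-p.priority, p.arrived_at),
    "earliest_arrival": lambda p: (p.arrived_at, -p.priority),
}

def arbitrate(proposals, rule, window, lineage):
    """Pick one winner per embodiment per arbitration window."""
    winners, by_embodiment = [], {}
    for p in sorted(proposals, key=lambda p: p.arrived_at):
        by_embodiment.setdefault(p.embodiment, []).append(p)
    for queue in by_embodiment.values():
        while queue:
            start = queue[0].arrived_at
            batch = [p for p in queue if p.arrived_at - start <= window]
            queue = queue[len(batch):]  # batch is a prefix: queue is sorted
            ranked = sorted(batch, key=RULES[rule])
            winners.append(ranked[0].proposal_id)
            # Losers stay in the audit trail as preempted proposals.
            for loser in ranked[1:]:
                lineage.append(("preempted", loser.proposal_id,
                                "by", ranked[0].proposal_id))
    return winners

# Constructed sample: three proposals contend for one gripper.
PROPOSALS = [Proposal("a", "gripper", 1, 0.00),
             Proposal("b", "gripper", 5, 0.02),
             Proposal("c", "gripper", 3, 0.50),
             Proposal("d", "valve", 1, 0.01)]

def demo(rule):
    lineage = []
    return arbitrate(PROPOSALS, rule, 0.1, lineage), lineage
```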
Alternative Embodiments
The cognition patent contemplates several embodiments of the gate that share its structural properties while varying in operational detail. In the autonomous vehicle embodiment, the body-side prerequisites include a CAN-bus handshake, a current driver-assist certification token, and a traction-control self-test result. Simulation-side skills, used by the same agent for route planning and what-if analysis, draw on a separate evidence pool and never satisfy body-side prerequisites regardless of how comprehensive the simulation-side proofs become.
In the industrial robotics embodiment, body-side prerequisites center on tool-changer handshakes, workspace-clearance proofs from a vision subsystem, and operator e-stop arming confirmations. The simulation-side counterpart of each skill exists for offline programming and digital-twin validation; these run continuously and accumulate substantial simulation-domain evidence, but the gate's type-level disjointness guarantees that nothing learned in the digital twin can release a body-side gate without independent physical proof.
In the XR and VR embodiment, the body-side surface is the user's haptic and locomotion hardware. Skills that drive force feedback, treadmill resistance, or smell synthesis are body-side; skills that drive purely visual or auditory presentation are simulation-side. The distinction matters in therapeutic and training applications where unauthorized haptic actuation can cause physical injury even when the visual scene is benign.
In the surgical and medical embodiment, the gate is integrated with the existing certification infrastructure of the operating environment. Body-side proofs include institutional credentialing, instrument-tray verification, and patient-consent confirmations. The gate refuses any skill invocation whose prerequisites are not satisfied at the moment of dispatch, even when the same skill was admissible thirty seconds earlier, ensuring that revocations propagate without latency.
A further embodiment treats the gate itself as composable across federated agents. When two agents share an embodiment, their respective gates are joined by an intersection rule: the embodiment may be actuated only when both agents' prerequisites are simultaneously satisfied. This permits cooperative operation without weakening either agent's individual safety guarantees.
Composition With Other Mechanisms
Embodied skill gating composes with the broader skill-gating architecture described in Chapter 7 of the cognition patent. Upstream, the proposal generation layer is responsible for emitting candidate skill invocations from LLM output; the gate does not reach into that layer and is indifferent to how proposals are produced. Downstream, the actuator dispatch layer assumes that any invocation it receives has cleared the gate, allowing dispatch to be implemented as a thin shim over hardware drivers.
The gate composes with the multi-turn memory isolation mechanism by ensuring that capability evidence accumulated within one session is scoped to that session's memory region. A body-side proof issued during session A does not persist into session B unless the policy explicitly declares it as a long-lived ledger entry. This prevents capability leakage across sessions, which is the analog of memory leakage but in the proof domain.
The gate composes with capability-modulated discovery traversal by sharing the same capability ledger. Discovery traversal consults the ledger to determine which portions of the discovery space the agent is structurally permitted to explore; the gate consults the same ledger to determine which skills the agent is permitted to invoke. The two mechanisms therefore operate over a single source of truth, and a revocation propagates simultaneously to both.
Prior-Art Distinction
Conventional robotic and vehicle authorization systems treat the body-versus-simulation distinction as an operational concern handled outside the planning layer, typically by switching the planner's output between a real-hardware backend and a simulator backend. Under that arrangement, the planner is unaware of the distinction, and any errant routing of a body-targeting plan to the wrong backend is caught (if at all) by ad hoc safety interlocks. Embodied skill gating differs in that the distinction is part of the planner's own type system: the planner cannot emit a body-targeting invocation without producing a body-domain proposal, and the gate refuses any body-domain proposal that lacks body-domain evidence.
Permission-based access control systems likewise treat capability and authorization as the same concept, conflating "is allowed to" with "is able to." The gate explicitly separates them: authorization is a precondition checked elsewhere, while embodied capability is a structural property checked here, and a fully authorized agent is still refused if its body-side evidence is absent or stale.
Disclosure Scope
The disclosed mechanism covers any agent architecture in which skill invocations are partitioned along an embodiment boundary, capability evidence is held in a typed ledger that distinguishes body-domain from simulation-domain proofs, and a deterministic gate refuses invocations whose declared embodiment requirements are not satisfied by domain-matched evidence. The scope encompasses vehicle, industrial, surgical, XR, and any other domain in which an agent's actions can produce physically irreversible effects, and applies whether the proposing layer is an LLM, a classical planner, or a human-in-the-loop interface.
Because the mechanism is policy-governed and lineage-recorded, regulatory analysis and certification can proceed by inspection of the policy reference and the ledger schema rather than by exhaustive empirical testing of agent behavior. This shifts the burden of demonstrating safety from black-box validation to white-box structural review, which is the principal commercial property the disclosure protects.